Issues

Does Privacy Deserve its Pedestal?

Deciding whether privacy or individual freedom should be prioritised isn’t a new concern, nor is it one that’s limited to digital spheres, but that doesn’t stop advocates for each side vociferously arguing that their predilection holds all the answers. Daniel Davies looks at the battle between privacy and security

Privacy fanboys argue that, both online and offline, our freedom to be anonymous is crucial to citizenship, to democracy and to freedom of expression and choice. While on the other side of the debate, the argument goes that in order to achieve security users have to be willing to give up a certain amount of their privacy.

But despite what their advocates would have you believe, it isn’t a simple choice between two opposing ideas. Huge companies like Apple and Facebook argue for the sanctity of privacy because privacy is this exalted thing, beyond criticism, but does it deserve its status? We live in a post-Snowden digital world, where we know that the widespread adoption of technology has made data collection possible on a previously unimaginable scale; should we then be willing to give up some of this data for our own peace of mind, or can we have both privacy and security?

In an interview with Verdict Encrypt, the former executive assistant director of the FBI, Shawn Henry, made the point that in the physical world, ordinary citizens have already begun to define what the balance between privacy and security should look like. “If every time you try to get on the tube you have a police officer who wants to physically search you the citizens might say 'I'm not going to abide by that; I don't think the risk of terrorism is that high that I'm going to have a physical strip search every time I get on the tube',” said Henry.

“There might be other occasions where citizens understand and maybe when I go to the airport it's acceptable because the risk is so high.” But what is the appropriate balance between privacy and security in the digital world? To find out we sat in on a debate on the subject between the commissioner of the US’ Federal Trade Commission, Terrell McSweeny, and the CEO of the cybersecurity company Threatscape, Dermot Williams, at last year’s Web Summit.

Safety vs Liberty: What did Ben Franklin know?

When we talk about privacy we talk about the tools that make it possible – encryption, VPNs and privacy browsers – but the basic argument for privacy began long before Apple resisted the FBI’s pressure to have it unlock the encrypted iPhone of the San Bernardino terrorist. Benjamin Franklin was speaking on the debate around 250 years ago. Famously, Franklin said: "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."

Taken out of context, Franklin’s quote could be used as a call to arms for privacy advocates, but, considered in greater detail, Franklin’s words don’t reveal a pro-privacy position and certainly can’t be used by modern supporters of privacy to defend their standpoint.

“He later said that distrust and caution are the parents of security.”

“This is a guy who never watched a single cat video in his life,” said Williams. “He has no understanding of the digital world in which we live in today. He never sent a tweet, he never had a Facebook account, in fact the only network he understood and knew was the US postal service because he was the first ever post master general. He later said that distrust and caution are the parents of security.

“In the slower era that he lived, there were fewer people living in the United States than have attended the Web Summit over the last seven years. It was a simpler time with simpler measures.”

Either or: Finding a Compromise between privacy and security

The side of the fence you fall on when it comes to privacy versus security may well depend on where you come from. In the West, we know, via whistleblowers like Snowden, that law enforcement officials have compelled phone companies to pass on information about users’ phone conversations, as well as gleaning information from people’s mobile phone communications. After September 11, the National Security Agency expanded its surveillance programs to allow it to collect phone records of millions of innocent Americans. The fear of this happening is what propels the privacy argument. Outside of the West though, the collection of data moves from being just creepy to an existential threat.

“One man's shield can be another man's dagger, and that's the problem with the world, with technology, encryption and secure communications,” said Williams. “If you look at any of the terrorist cells that have broken recently, almost without exception they've been using secure means of easily available communication, so I'm not saying that it's entirely a bad thing that there is secure communication; if I was a dissident living in a hostile totalitarian state, my life would probably depend on it, but society as a whole has to ask the wider question, is it a good thing that people with really bad intentions are able to use the same technology?”

“One man's shield can be another man's dagger.”

Share this article

However, as McSweeny points out, the answer is not to ramp up either privacy or security. The answer is to find a happy medium between the two. “I don't think this is an either or choice, but I think in this environment, in this day and age we have to insist on privacy as part of the conversation, in order to get the balance right around security because in a digital world we are living in is essentially a golden age of surveillance,” said McSweeny.

“It is impossible in modern life to do anything without leaving some sort of a digital footprint. For most of us a search of our digital lives is far more revealing than a search of our own homes or even our own bedrooms, so we have to update some of our legal frameworks to curtail invasions of our privacy and we should demand this right be appropriately balanced against security concerns when we're updating those frameworks.

“At its most basic privacy serves as a limit to power and a stalwart of liberty. So we're living in an age where I think the idea of controlling our own destinies by asserting our own choices is critically important, more important than ever before, and if we relinquish the notion of privacy as a concept, we're essentially surrendering all of that into a broader policy debate, and I think that that would be harmful ultimately to individuals.”

Is the government the bogeyman?

The thought that technology companies are using their platforms to monitor users doesn’t stop the majority of us from continuing to use those platforms uninhibited. However, when the government is seen to be encroaching on our privacy calls for greater privacy protections grow louder. But is it right that we appear happy to give our data to one authority but not to the other?

“Well it's interesting you talk about people's unwillingness to have data examined by the government and their discomfort at people being able to look at their emails or to examine their identity or their movements, but the same people who often are most egregiously wounded at any thought that the government might know what they're doing will happily give away truck loads of data to Google, to Facebook, to Twitter,” said Williams. “Every like, every websearch, every movement, everything you do is being tracked by these big global corporations, so I would say if you're willing to allow them to have such evasive insight into your daily life, should you not at least give a certain amount of insight to government agencies and to those who would seek to protect you rather than harm you?

“That's the social contract you have in a modern society. If you want to live in the backwoods of Kentucky and not deal with anybody else ever in your life that's fine go at it. But if you want to board that aircraft and sit next to me I want to know that your bag was searched, I want to know that your ID was checked, I want to know that I'm not at harm because of something you plan to do. If we can't look into somebody's heart we can at least look into their luggage, look into their email, at least know what they're planning to do.”

“There is at its essence a hostile symbiosis between privacy and security.”

Should we then open up our web histories, our phones and weaken encryption tools if they help keep us more secure? According to McSweeny, in the golden age of surveillance in which we live there is no need to increase the measures already available to law enforcement agencies.

“They [the law enforcement agencies] have so many tools in this environment, this is the golden age of surveillance, there are tons of tools that can be brought to bear, and we need to having a conversation about how government and law enforcement and national security apparatus can adapt to this environment, whether that's hacking their way around the problem or improving their own technical capabilities or coming up with better frameworks to exchange information.”

Although they make uneasy bedfellows, privacy and security have to be equally prioritised because they’re equally important. While that certainly doesn’t mean we should give away our privacy, it does mean that the tech industry has to withdraw what sometimes appears to be unconditional support.

“There is at its essence a hostile symbiosis between privacy and security and if we put privacy up to 100%, cannot be touched, then we are fundamentally harming security,” said Williams. “In the modern world you have to be willing to participate with those around you and to give up a certain amount of your privacy in a controlled manner otherwise you cannot guarantee the security of society.”

PR nightmares: Ten of the worst corporate data breaches

LinkedIn, 2012

Hackers sold name and password info for more than 117 million accounts

Target, 2013

The personal and financial information of 110 million customers was exposed

JP Morgan, 2014

One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m

Home Depot, 2014

Hackers stole email and credit card data from more than 50 million customers

Sony, 2014

Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un

Hilton Hotels, 2015

Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data

TalkTalk, 2015

The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen

Tesco, 2016

Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts

Swift, 2016

Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve

Chipotle, 2017

Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang

LinkedIn, 2012

Hackers sold name and password info for more than 117 million accounts

Target, 2013

The personal and financial information of 110 million customers was exposed

JP Morgan, 2014

One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m

Home Depot, 2014

Hackers stole email and credit card data from more than 50 million customers

Sony, 2014

Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un

Hilton Hotels, 2015

Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data

TalkTalk, 2015

The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen

Tesco, 2016

Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts

Swift, 2016

Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve

Chipotle, 2017

Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang